Google Nest camera is ‘always on’

November 26th, 2015 2 Comments By Mof Gimmers

We’ve shrieked hysterically about Google’s smart thermostat – Nest – before, likening it to sci-fi horror where remote companies watch your every move, before ultimately singing ‘Daisy Daisy’ while trying to oversee your untimely death.

We might be overdoing it a bit. However, what doesn’t help is that Nest has a camera that watches you in your home, and a team at ABI Research found that, even when the camera is “off,” it still draws around the same amount of info as it does when it is fully powered.

Basically, you might think you’ve turned it off, but you haven’t. Kill it with fire. Or throw some undercrackers over it.

A spokesperson for Nest Labs told the BBC: “When Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time.” So, standby mode then. Either way though, this is an ‘always on’ camera in your house, and this is Google (or Alphabet if you prefer) we’re talking about here. A company that not only wants to watch you at home, but also wants to store your DNA through the chilling 23andMe wing.

The Nest spokesperson continued: “When Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings.” While that may do for some, there’s going to be concerns over Google storing hours of footage of you at home in their cloud. Imagine the outpouring of hate that’ll happen if their servers get hacked.

TalkTalk give free upgrade

November 16th, 2015 10 Comments By Mof Gimmers

If you’re still a TalkTalk customer after that hack (and didn’t bother with this letter of cancellation), then you will be able to pick from a bunch of freebies by way of apology from the company.

Over 150,000 customers and around 16,000 bank account numbers will be getting an upgrade from the 1st December, which means they can add one of the following to their existing services: TV content including movies, kids entertainment and sports; a mobile SIM with a monthly allowance of free texts, data and calls; unlimited UK landline and mobile calls; or a broadband health check. Very few will be choosing the latter, we suspect.

TalkTalk’s chief executive, Dido Harding, said: “TalkTalk takes the security of customers’ data extremely seriously and we are taking significant further steps to ensure our systems are protected, as well as writing to all our customers outlining what we are doing to keep their data safe.”

“In recognition of the unavoidable uncertainty, and because we know that doing what is right for our customers will ensure the best possible outcome for the company over the longer term, we are today announcing the offer of a choice of free upgraded services to all our customers.”

Seeing as fewer people were affected by the hack than first thought, TalkTalk will be relieved, and now all their customer-facing sales and service channels are back in full swing. However, there’s still no hiding from the fact that the company has been hacked three times within the last 12 months, which is dreadful form.

There’s still going to be a parliamentary committee investigation into the whole thing, which will be kicking off later this month, and the hack has reportedly seen 200,000 customers jumping ship.

More on the upgrade over at this TalkTalk page.

How to stay anonymous online, after government announce snooping charter

Home Secretary Theresa May is showing off the new Draft Investigatory Powers Bill, which, in short, means the government can spy on you.

For a slightly longer answer, May thinks that some websites are ‘safe havens’ for criminals, and now she wants to see new laws which give authorities the chance to access everyone’s information. It looks like she’ll want to get rid of encryption, and that all your internet history would be recorded, so authorities can look at it whenever they want, without having to get permission from anyone. They want to keep everything you do online, on record, for a year.

They also want to be able to see who you’ve texted and emailed too. If your messages are encrypted, the company keeping your messages private, must hand over data to authorities if asked.

With the hacks and leaks that have been doing the rounds lately, there’s just concern about anyone holding all this private information on everyone with an internet connection.

The draft bill underlines a want for powers for the bulk collection of large volumes of communications and other personal data by MI5, GCHQ, MI6, and for the introduction of “equipment interference powers”. This all means that computers and phones can be hacked whenever they want, in the name of national security.

Of course, the stupid thing here, is that actual criminals won’t be arranging serious crimes on Facebook Messenger or anything like that, so it looks like they just want to snoop on everyone else, which is going to worry many. It won’t worry the kind of people who say “well I’ve done nothing wrong, so they can look through all my stuff if they want”, but you can’t do anything about those people.

The Home Office has published the Investigatory Powers Bill in the House of Commons, which means it’ll be examined by both Houses of Parliament. There’ll be a final vote on the whole thing at some point in 2016. We suspect there’ll be some legal action thrown at the government before then.

How To Stay Anonymous Online

If you want to browse the internet anonymously, the first place to start is with the free Tor Browser. We won’t bore you with the ins-and-outs of the whole thing, but basically, it puts your web traffic through Tor’s network, and makes it anonymous and encrypts the shit out of it. It isn’t wholly anonymous, but it isn’t far off.

You can send emails through web services in Tor Browser too, but you’d need an email account that doesn’t reveal any personal information about you. One to look at is Guerrilla Mail.

As for instant messaging, there’s Pidgin, Wickr, and Tor who have just released their own. You know how to work a phone or search engine, so get on those. As for your phone itself, there’s an app called Orbot that runs Tor on Android.

If you want to set up a VPN (Virtual Private Network), then click here for a VPN how to guide. There’s loads of tutorials online, if you want to vanish from the eyes of the government.

Vodafone – the latest to be hacked

November 2nd, 2015 No Comments By Mof Gimmers

Vodafone are the latest to fall victim to a hack, with internet scallies getting access to around 2,000 customers’ details. We hope that the hackers aren’t doing this for attention, because we’re kinda bored by all these hacks now – they’ve lost their edge somewhat.

Anyway, Vodafone said that 1,827 accounts have been accessed, and they fear that criminals have customers’ names, mobile numbers, bank sort codes and the last four digits of their bank accounts, which is no good.

A Vodafone spokesman said: “This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.”

Vodafone started an investigation over the weekend, and have informed the National Crime Agency, Ofcom and the Information Commissioner’s Office. They’re not mucking about, like TalkTalk have been (and if you’re unimpressed with TalkTalk and want to leave them, check out our letter template so you can get out of your contract).

“Whilst our security protocols were fundamentally effective, we know that 1,827 customers have had their accounts accessed, potentially giving the criminals involved the customer’s name, their mobile telephone number, their bank sort code, the last four digits of their bank account,” continued Voda.

“Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts. These customers’ accounts have been blocked and affected customers are being contacted directly to assist them with changing their account details.”

As well as telling all the relevant authorities, Vodafone have also contacted all the banks of affected customers. Even if you think Vodafone are run by a bunch of gits, this is a fine way to deal with a crisis compared to some of their peers.

Visa, Sky TV, Amazon and Ticketmaster, are also being targeted – busy time for the hackers, eh?

What you need to know about Snapchat’s privacy update

Any mention of Snapchat makes elderly people roll their eyes and sigh, mainly because they don’t understand what it is, or they don’t like the idea of people using something that they don’t want to use. For the rest of humanity, there’s been a lot of chatter about the company’s privacy policy.

There were angry rants, as people were under the impression that Snapchat had decided to keep your photos and videos FOREVER and use them as they pleased. Of course, seeing as a load of people have sent photos of their junk through the service, people started getting a bit jumpy.

What is the truth of the matter though?

After a number of respected publications ran these stories, Snapchat felt the need to put a statement out. It was to the point: “The Snaps and Chats you send your friends remain as private today as they were before the update.”

Of course, like they’ve been saying for ages, the company have zero control over those who screengrab your photos and the like, but they’re very clear about that when you sign-up. Basically, if you know someone who is rather screengrabby, don’t send them anything private or, indeed, make sure you’re able to blackmail them back if they’re acting like dicks.

Snapchat’s terms of service say: “When you do that, you retain whatever ownership rights in that content you had to begin with.” In fact, unlike a bunch of other social platforms, Snapchat has a policy of not sharing messages with advertisers or other business partners. However, there are a few things to look out for.

In the terms of service, they do give up some rights. It says: “We need that license when it comes to, for example, Snaps submitted to Live Stories, where we have to be able to show those Stories around the world—and even replay them or syndicate them.” Again, that’s rather clear when you join in with that particular element of the app.

Basically, the recent update was done to change the language of the terms, so they were easier to understand. Seems they were easier to misconstrue too.

Either way, if you want to read Snapchat’s statement, and see what they’re up to, click here.

Letter template to cancel TalkTalk account

October 30th, 2015 4 Comments By Mof Gimmers

If you want to leave TalkTalk after their data breach, without penalty, then we’ve knocked up a letter you can use to try and make this happen.

Crib notes from it, or cut-and-paste the whole thing. Of course, they might try it on and aim to fine you for leaving your account early, but if you’re willing to stick at it, they should let you go.

Send your letter to: Customer Relations Department, TalkTalk Group, PO Box 346, Southampton, SO30 2PW

You’ll be giving them 14 days to reply and sort this out, which is the law. If they don’t, you can cancel your direct debit with them as they’re in breach of contract, and this indicates their acceptance of your terms within the letter.

Give ‘em hell!

Letter Template To Cancel TalkTalk Account After Data Breach

Dear Sir or Madam,

Account number: [account number here]

This letter is my formal notice to tell you that I am closing my account following the cyber attack on your systems on October 21st. In your terms and conditions, section 18, it states that: “We’re committed to protecting and preserving any information you give to us.” You have failed to do this. Furthermore, your Privacy Policy clearly states that you will only share my private information with organisations outside of TalkTalk with my consent.

It is clear that you, TalkTalk, are in material breach of these clauses and, with the hack in October 2015 being the third on TalkTalk’s systems within a year, this represents a clear failure to secure my details. You have failed to take the agreed safeguards and have failed to secure my, the customer’s, personal details, which has resulted in my personal information being exposed to third parties who do not have consent from myself.

As a result, I want you to terminate my contract without any penalty. I will insist that you send written confirmation to me that will allow me to move to a new provider, without cost, within 14 days of receiving this letter.

After the 14 day period, you will receive no more payments from me, and should you proceed to harm my credit over non-payments, I will be forced to take further legal action over any costs accrued.

[print name here]
[write account number again]
[address here]

British Gas latest in data leak

October 29th, 2015 1 Comment By Mof Gimmers

It is the week of data leaks, with TalkTalk getting hacked by a child, Morrisons getting sued over the loss of data, and M&S being a bit fast and loose with customers’ private data.

Now, British Gas are the latest to get in on the act, and have had to get in touch with around 2,200 people after account passwords and email addresses appeared online. The company say that their systems are secure and no payment info is at risk, but still, this doesn’t look very good does it?

The details of this leak will now be sent over to the Information Commissioner’s Office, so they can investigate what’s going on.

British Gas posted on Twitter: “A small number of customer details briefly appeared online but our systems are secure.” The follow-up email states that the information had not come from the company themselves.

Next week, we assume we’ll be writing an article about a massive bank keeping customers’ personal details in a brown paper bag which they’ve hidden behind a plant-pot, and a massive supermarket that keeps customer data safe behind a chocolate fire-guard.

Marks & Spencer down after data breach

October 28th, 2015 No Comments By Mof Gimmers

Marks & Spencer took their website down for two hours, as it turned out that customers could see other people’s details when they logged in to their accounts. Yep. It’s another data breach!

Now, M&S said that no-one’s details were compromised by the ‘internal technical problem’, but they said sorry, given that everyone is particularly jumpy about such things at the moment. Some people said they logged in and could see other people’s orders and payment details.

A spokesperson for M&S said that the whole thing was a “technical issue” and that customers may have been able to see the last four digits of another person’s payment card “for a brief moment”, but the actual card details are encrypted, so there’s no need to worry.

“There were no financial details compromised at all,” the spokesperson said; “We weren’t hacked by a third party. It was an internal technical problem.”

Another spokesperson added: “Due to a technical issue we temporarily suspended our website last night. This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers. We apologise to customers for any inconvenience caused.”

This is all a bit embarrassing, seeing as there’s likely to be a number of new customers signing up to the site, thanks to the Sparks scheme.

Facebook – soon mithering you about absolutely everything

Facebook have been tinkering with their format again (seriously – leave it alone for five minutes, wouldya?), this time, looking at personalised notifications.

That’s right, the social network is now going to cater to your every need by telling you about your friend’s birthday, that event you forgot to say you weren’t going to, and a whole load more. Mobile notifications on the Facebook app will now prod you about all the events in your life – even the ones you’re not arsed about.

“We’ve heard feedback that people wanted to add important information that they can easily see, all in one place,” wrote product manager Keith Peiris on the official Facebook blog. “Along with your notifications, you can see and customize timely info.”

Instead of a nice, normal list, you’ll now get your mobile notifications organised as “cards”, which will be tailored the more you tell Facebook about your activities and location. Interesting that eh? Not like Facebook to want to know where you are and what you’re doing all the time, is it?

If you mess with your settings enough, you’ll also get notifications about when your favourite TV show is on, or you’ll get alerts from your favourite venues and pubs, every time they do anything, ever.

You might be fine with the privacy/usefulness trade-off, so this will be good news. If not, just delete the app and stop using it – save yourself and everyone around you the headache.

Facebook – now sharing your public posts on search engines

Facebook is going to let people search for your status updates on search engines. Twitter has been searchable like that for a while, so some people won’t mind at all. However, this will stick in the craw with some, who see Facebook as a safe place to say what you want without being snooped on.

Of course, people, pages, and brands have been easy to track down, but not individual items shared on newsfeeds and timelines. That’s all about to change, as Facebook is rolling out an update to open everything up.

Facebook’s vice president of search Tom Stocky said: “When something happens in the world, people often turn to Facebook to see how their friends and family are reacting. Today, we’re updating Facebook Search so that in addition to friends and family, you can find out what the world is saying about topics that matter to you.”

You’ll know that the social network is in trouble with how much it shares with the world, losing a court case about people’s personal information. Some people might see this as further evidence of FB taking the piss. In that case, you might want to dive into your Settings and start shoring everything up, if you’re worried about that sort of thing.

You can assume that Facebook will only make public posts searchable, so if your account is locked-down, you should be okay… provided, of course, that you trust the social network on such matters.

The update is going to roll out in the US first, on iPhone, Android and desktop, and then, it’ll creep across the rest of the territories in due time.

TalkTalk customer info hacked

October 23rd, 2015 4 Comments By Mof Gimmers

TalkTalk customers have had their personal information hacked in what the police are calling a “significant and sustained” cyber-attack on the company’s website. This is the third data breach in a year for TalkTalk.

“We are continuing to work with leading cybercrime specialists and the Metropolitan police to establish exactly what happened and the extent of any information accessed,” said TalkTalk.

The company’s chief executive, Dido Harding, said: “We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here.”

The way TalkTalk has been handling this has angered some customers. Looking through Twitter, it seems that TalkTalk’s customer service lines have been downed by the volume of people trying to get answers about what exactly has gone missing.

One of the things that will worry TalkTalk customers, is that the last time they were scammed out of money after a hack, TalkTalk refused to accept any liability, and blamed one victim for being tricked. They said, after one of their customers was scammed out of nearly £3,000, that because the customer gave details to the fraudster, he was “validating and authorising the transfer of funds”.

So what about this hack? Well, TalkTalk said that it is possible that credit card and bank account details could’ve been swiped, as well as personal info like names, addresses, dates of birth, email addresses and telephone numbers. Here’s the kicker – TalkTalk have said that “not all of the data was encrypted” but that they think “our systems were as secure as they could be”.

Basically, customers need to keep an eye on their accounts and keep checking for any odd behaviour or payments being made from it. If you do see something odd going on, you need to report it to ActionFraud. Obviously, like always, if anyone rings you up asking for your passwords and the like, tell them to piss off. No legit business ever asks for your passwords and bank details.

Until then, wait for TalkTalk to get in touch and they should tell you more in due course.

UPDATE: TalkTalk is pointing customers in the direction of a special site if there are any questions: If you’d prefer to ring someone, then the number is 0800 083 2710, or 0141 230 0707, but remember, they’re likely to be extremely busy today.

UPDATE 2: TalkTalk have published some figures to show how many people were supposedly affected. They’ve said:

  • less than 1.2 million customer email addresses, name and phone numbers
  • less than 28,000 obscured credit and debit card details
  • less than 21,000 bank account numbers and sort codes
  • less than 15,000 customer dates of birth

Apple reckon the iPhone 6 is impossible to unlock

October 21st, 2015 2 Comments By Mof Gimmers

Apple have gone and told a judge that getting at the data stored on a locked iPhone would be ‘impossible’ (provided the device is using the latest operating system). Sounds like someone throwing the gauntlet down to us.

Anyway, they made this claim after a federal magistrate judge wanted Apple’s opinion as the court looked at a request to force the phone makers to give a hand to authorities who wanted to access a seized iPhone that was part of an investigation.

Apple reckons that 90% of their devices that are running iOS 8 or higher would be impossible to get into, after they bolstered encryption. The latest device has a feature that stops people getting at data if they don’t have the passcode. That includes Apple themselves. Although, we reckon there’s a few shops on the high street who will still have a go at getting into it, for a small fee.

This of course, followed the Edward Snowden leaks, when everyone started getting really jumpy about personal privacy and security.

Apple told US Magistrate Judge James Orenstein that they can access the devices which are still running older systems, but Apple think that this is around 10% of their users.

“Forcing Apple to extract data in this case, absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand,” said Apple’s lawyers.

Irish court wants probe into how much data Facebook can transfer

Facebook went to court about your personal data being transferred to America, and it didn’t exactly go in their favour. During all this, it didn’t help that they were also accused of spying, which means that authorities are paying the social network particular attention at the moment.

In Ireland, where Facebook has a base, they’re facing more opposition: Ireland’s High Court has ordered the Irish data protection agency to investigate whether the transfer of users’ data should be suspended.

The Data Protection Commissioner “is obliged now to investigate the complaint,” said Judge Gerard Hogan, following the verdict at the European Court of Justice.

In case you missed it, a fella called Max Schrems made claims against Facebook, saying that his privacy could not be guaranteed during the transfer, after a load of information came to light after Edward Snowden blew the whistle on the US National Security Agency (NSA). With Facebook having their European HQ in Ireland, Schrems asked the Irish Data Protection Commissioner to investigate what protection Europeans are getting.

Initially, the then Irish data protection commissioner didn’t want to look at the complaint, and said that EU authorities were happy enough that America had put sufficient data protection in place, through the ‘Safe Harbour’ agreement. However, things have changed since then, and the European Court of Justice ruled that ‘Safe Harbour’ is in fact, invalid.

The ‘Safe Harbour’ court ruling said that “legislation permitting (US) public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life.”

Ireland’s current Data Protection Commissioner, Helen Dixon, said: “My office will now proceed to investigate the substance of the complaint with all due diligence.” Of course, Facebook are still denying that there’s anything shady going on here, but then, they would say that wouldn’t they?

UK’s largest pharmacy fined for selling personal data to scam artists

The biggest online pharmacy in the UK has been slapped with a £130,000 fine after they sold patients’ personal data to scammers. Those scam artists then targeted people who are vulnerable and sick, which is just great.

Pharmacy2U (P2U) was hauled in by the Information Commissioner’s Office (ICO) after it was discovered that they’d been giving names and contact details for people who had bought prescriptions and remedies from their site, through their Alchemy Direct Media company. It turns out they’d illegally sold the personal data of more than 21,000 NHS patients and P2U customers.

You’re supposed to get people’s permission before you sell their personal data – they did not.

It might be an idea to run a quality control over who you’re selling it to, which this lot clearly didn’t do, as one of the companies that bought the data were lottery fraudsters, who then went after pensioners with chronic health conditions.

Over 100,000 customer details were advertised for sale on the database, which actually broke people down into categories, such as detailing which people had Parkinson’s disease, or which ones were over 70.

ICO deputy commissioner David Smith said: “Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable. Put simply, a reputable company has made a serious error of judgement, and today faces the consequences of that. It should send out a clear message to other companies that the customer data they hold is not theirs to do with as they wish.”

“Once people’s personal information has been sold on once in this way, we often see it then gets sold on again and again. People are left wondering why so many companies are contacting them and how they come to be in receipt of their details.”

Daniel Lee, managing director of P2U, said: “This is a regrettable incident for which we sincerely apologise. While we are grateful that the ICO recognises that our breach was not deliberate, we appreciate this was a serious matter. As soon as the issue was brought to our attention, we stopped the trial selling of customer data and made sure that the information that had been passed on was securely destroyed. We have also confirmed that we will no longer sell customer data.”

“We take our responsibilities to the public very seriously and want to reassure our customers that no medical information, email addresses or telephone numbers were sold. Only names and postal addresses were given, for one-time use.”

“Following this incident, we have changed our privacy policy to highlight that we will no longer sell customer data and have implemented a prior consent model for our own marketing. We hope that this substantial remedial action will reassure our customers that we have learned from this incident and will continue to do all we can to ensure that their data is protected to the highest level.”

Apple axing apps that collect your personal data

October 20th, 2015 1 Comment By Mof Gimmers

Apple are giving the boot to a number of apps that collect personal data, which are in violation of the company’s privacy policies. They made the announcement after they found hundreds of applications using Chinese ad-software that extracts “personally identifiable user information.”

“We’ve identified a group of apps that are using a third-party advertising SDK (software development kit), developed by Youmi, a mobile advertising provider, that… gather private information, such as user email addresses and device identifiers, and route data to its company server,” said Apple.

“This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.”

“We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

Of course, Apple aren’t getting rid of all companies who collect personal data on iPhone users, or they’d have to get rid of Google, Facebook and of course, themselves.

Anyway, the company don’t allow third-party apps to share data about a user without obtaining the user’s explicit permission. That means they reject apps that require users to share personal ID like your email address or your birth date. Apple’s researchers found 256 apps (which had been downloaded a million times, give or take) that had the version of Youmi which violates user privacy.

So there.